Merge pull request #12 from zomasec/main

Addin output fro multi scan using flag -o/--output
cyinnove · Apr 16, 2024 · 434eea9 · 434eea9
2 parents e4b52a6 + 5056d42
commit 434eea9
Show file tree

Hide file tree

Showing 6 changed files with 139 additions and 161 deletions.
diff --git a/cmd/corser/main.go b/cmd/corser/main.go
@@ -16,6 +16,7 @@ type options struct {
 	concurrency int
 	cookie      string
 	file        string
+	outputFile  string // New field for output file
 	deepScan    bool
 	origin      string
 	header      string
@@ -24,18 +25,16 @@ type options struct {
 }
 
 func main() {
-
 	opts := &options{}
 
 	var rootCmd = &cobra.Command{
 		Use:   "corser",
 		Short: "Corser Is a CLI Application For Advanced CORS Misconfiguration Detection",
 		PersistentPreRun: func(cmd *cobra.Command, args []string) {
-            banner()
+			banner()
 		},
 	}
 
-	// Subcommand for single URL scan
 	var singleCmd = &cobra.Command{
 		Use:   "single",
 		Short: "Performs a scan on a single specified URL",
@@ -48,14 +47,12 @@ func main() {
 			runScan(urls, opts)
 		},
 	}
-
 
 	singleCmd.Flags().StringVarP(&opts.url, "url", "u", "", "Specifies the URL to scan for CORS misconfigurations.")
 	singleCmd.Flags().StringVarP(&opts.pocFile, "gen-poc", "g", "", "Generate a PoC for any vulnerable request with the name of the URL and result found.")
 	singleCmd.MarkFlagRequired("url")
 	rootCmd.AddCommand(singleCmd)
 
-	// Subcommand for multiple URL scans
 	var multiCmd = &cobra.Command{
 		Use:   "multi",
 		Short: "Performs scans on multiple URLs from a specified file",
@@ -68,16 +65,18 @@ func main() {
 			runScan(urls, opts)
 		},
 	}
+
+	// Add the outputFile flag specifically for multi scans
 	multiCmd.Flags().StringVarP(&opts.file, "list", "l", "", "Specifies a file path containing URLs to scan, with one URL per line.")
-	multiCmd.MarkFlagRequired("file")
+	multiCmd.Flags().StringVarP(&opts.outputFile, "output", "o", "", "Specifies the output file path where results should be saved.")
+	multiCmd.MarkFlagRequired("list")
 	rootCmd.AddCommand(multiCmd)
 
-	// Global flags
 	rootCmd.PersistentFlags().StringVarP(&opts.method, "method", "m", "GET", "Specifies the HTTP method to use when sending requests.")
 	rootCmd.PersistentFlags().IntVarP(&opts.timeout, "timeout", "t", 5, "Sets the timeout (in seconds) for each request.")
 	rootCmd.PersistentFlags().IntVarP(&opts.concurrency, "concurrency", "c", 10, "Determines the concurrency level.")
 	rootCmd.PersistentFlags().StringVarP(&opts.cookie, "cookie", "k", "", "Defines cookies to include in the scan requests.")
-	rootCmd.PersistentFlags().StringVarP(&opts.origin, "origin", "o", "http://zomasec.io", "Sets the Origin header value to use in the scan requests.")
+	rootCmd.PersistentFlags().StringVarP(&opts.origin, "origin", "O", "http://zomasec.io", "Sets the Origin header value to use in the scan requests.")
 	rootCmd.PersistentFlags().StringVarP(&opts.header, "header", "H", "", "Specifies additional headers to include in the scan requests.")
 	rootCmd.PersistentFlags().BoolVarP(&opts.deepScan, "deep-scan", "d", false, "Enable deep scan for more advanced CORS bypass techniques.")
 	rootCmd.PersistentFlags().BoolVarP(&opts.verbose, "verbose", "v", false, "Enable verbose mode for detailed logs.")
@@ -90,7 +89,7 @@ func runScan(urls []string, opts *options) {
 		fmt.Fprintln(os.Stderr, "No URLs provided to scan.")
 		return
 	}
-	r := runner.NewRunner(urls, opts.method, opts.header, opts.origin, opts.cookie, opts.deepScan, opts.verbose, opts.timeout, opts.concurrency, opts.pocFile)
+	r := runner.NewRunner(urls, opts.method, opts.header, opts.origin, opts.cookie, opts.deepScan, opts.verbose, opts.timeout, opts.concurrency, opts.pocFile, opts.outputFile)
 	err := r.Start()
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Error running scan: %s\n", err)
@@ -99,7 +98,6 @@ func runScan(urls []string, opts *options) {
 }
 
 func banner() {
-    	// ASCII art for the logo
 	logo := `
      ____ ___  ____  ____  _____ ____  
     / ___/ _ \|  _ \/ ___|| ____|  _ \ 
@@ -110,99 +108,5 @@ func banner() {
     coded by: @zomasec contributor: @h0tak88r                                     
                                                                                            
 `
-    fmt.Fprintf(os.Stderr, logo)
+	fmt.Fprintf(os.Stderr, logo)
 }
-
-// package main
-
-// import (
-// 	"fmt"
-// 	"os"
-
-// 	"github.com/spf13/cobra"
-// 	"github.com/zomasec/corser/runner"
-// 	"github.com/zomasec/corser/utils"
-// )
-
-// type options struct {
-// 	url         string
-// 	method      string
-// 	timeout     int
-// 	concurrency int
-// 	cookie      string
-// 	file        string
-// 	deepScan    bool
-// 	origin      string
-// 	header      string
-// 	verbose     bool
-// 	pocFile     string
-// }
-
-// func main() {
-// 	opts := &options{}
-
-// 	var rootCmd = &cobra.Command{
-// 		Use:   "corser",
-// 		Short: "Corser Is a CLI Application For Advanced CORS Misconfiguration Detection",
-// 	}
-
-// 	// Subcommand for single URL scan
-// 	var singleCmd = &cobra.Command{
-// 		Use:   "single",
-// 		Short: "Performs a scan on a single specified URL",
-// 		Run: func(cmd *cobra.Command, args []string) {
-// 			if opts.url == "" {
-// 				fmt.Fprintln(os.Stderr, "Single scan requires a URL.")
-// 				os.Exit(1)
-// 			}
-// 			urls := []string{opts.url}
-// 			runScan(urls, opts)
-// 		},
-// 	}
-// 	singleCmd.Flags().StringVarP(&opts.url, "url", "u", "", "Specifies the URL to scan for CORS misconfigurations.")
-// 	singleCmd.Flags().StringVarP(&opts.pocFile, "gen-poc", "g", "", "Generate a PoC for any vulnerable request with the name of the URL and result found.")
-// 	singleCmd.MarkFlagRequired("url")
-// 	rootCmd.AddCommand(singleCmd)
-
-// 	// Subcommand for multiple URL scans
-// 	var multiCmd = &cobra.Command{
-// 		Use:   "multi",
-// 		Short: "Performs scans on multiple URLs from a specified file",
-// 		Run: func(cmd *cobra.Command, args []string) {
-// 			if opts.file == "" {
-// 				fmt.Fprintln(os.Stderr, "Multi scan requires a file with URLs.")
-// 				os.Exit(1)
-// 			}
-// 			urls := utils.ReadFileLines(opts.file)
-// 			runScan(urls, opts)
-// 		},
-// 	}
-// 	multiCmd.Flags().StringVarP(&opts.file, "list", "l", "", "Specifies a file path containing URLs to scan, with one URL per line.")
-// 	multiCmd.MarkFlagRequired("file")
-// 	rootCmd.AddCommand(multiCmd)
-
-// 	// Global flags
-// 	rootCmd.PersistentFlags().StringVarP(&opts.method, "method", "m", "GET", "Specifies the HTTP method to use when sending requests.")
-// 	rootCmd.PersistentFlags().IntVarP(&opts.timeout, "timeout", "t", 5, "Sets the timeout (in seconds) for each request.")
-// 	rootCmd.PersistentFlags().IntVarP(&opts.concurrency, "concurrency", "c", 10, "Determines the concurrency level.")
-// 	rootCmd.PersistentFlags().StringVarP(&opts.cookie, "cookie", "k", "", "Defines cookies to include in the scan requests.")
-// 	rootCmd.PersistentFlags().StringVarP(&opts.origin, "origin", "o", "http://zomasec.io", "Sets the Origin header value to use in the scan requests.")
-// 	rootCmd.PersistentFlags().StringVarP(&opts.header, "header", "H", "", "Specifies additional headers to include in the scan requests.")
-// 	rootCmd.PersistentFlags().BoolVarP(&opts.deepScan, "deep-scan", "d", false, "Enable deep scan for more advanced CORS bypass techniques.")
-// 	rootCmd.PersistentFlags().BoolVarP(&opts.verbose, "verbose", "v", false, "Enable verbose mode for detailed logs.")
-
-// 	rootCmd.Execute()
-// }
-
-// func runScan(urls []string, opts *options) {
-// 	if len(urls) == 0 {
-// 		fmt.Fprintln(os.Stderr, "No URLs provided to scan.")
-// 		return
-// 	}
-// 	r := runner.NewRunner(urls, opts.method, opts.header, opts.origin, opts.cookie, opts.deepScan, opts.verbose, opts.timeout, opts.concurrency, opts.pocFile)
-// 	err := r.Start()
-// 	if err != nil {
-// 		fmt.Fprintf(os.Stderr, "Error running scan: %s\n", err)
-// 		os.Exit(1)
-// 	}
-// }